CVE-2024-34683

Summary

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Document BuilderS4CORE 100affected
SAP_SESAP Document Builder101affected
SAP_SESAP Document BuilderS4FND 102affected
SAP_SESAP Document Builder103affected
SAP_SESAP Document Builder104affected
SAP_SESAP Document Builder105affected
SAP_SESAP Document Builder106affected
SAP_SESAP Document Builder107affected
SAP_SESAP Document Builder108affected
SAP_SESAP Document BuilderSAP_BS_FND 702affected
SAP_SESAP Document Builder731affected
SAP_SESAP Document Builder746affected
SAP_SESAP Document Builder747affected
SAP_SESAP Document Builder748affected

Weaknesses

  • CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References